Software Replication

(1)

(2)

Motivation

Assure the availability of an object (service) despite

failures

Assuming p the failure probability of an object O.

O’s availability is 1-p.

Replicating an object O on n nodes and assuming p

the failure probability of each replica, O’s availability

is

1-

p

n

(3)

Linearizability In a Shared

Memory System

x write(a) p

₁

ok()

x read() p

₁

ok(b)

p

₁ 1. LINEARIZZABILE 3

x write(b) p

₂

ok()

p

₂

x write(a) p

₁

ok()

x write(b) p

₂

ok()

x read() p

₁

ok(a)

p

₁

p

₂ 2. NON LINEARIZZABILE

(4)

Linearizability

Liveness

: every invocation has a

matching response

Safety

Safety:

:

there exists a

permutation P of all operations on

O such that

(5)

Replication Techniques

Due main techniques

implementing linearizability:

Primary

Primary Backup

Backup

5

Primary

Primary Backup

Backup

(6)

Sistem Model

Processes are either clients or replicas

Clients and replicas exchanges messages through Perfect

point-point links

Processes can crash

(7)

Passive replication:

Primary-Backup

(8)

Primary Backup

Primary

:

Receives invocations from clients and

sends back the answers.

Given an object x

x,

prim

prim((

x

)

returns the

primary of x.

x.

Backup:

Interacts with

prim

prim((

x

)

is used to guarantee fault tolerance by

(9)

Primary Backup Scenario

(10)

Primary Backup: the case of no crash

When update messages are received by

backups, they update their state and send

back the ack to

prim

prim((

x

))

.

prim

prim((

x

)

) waits

waits

for an ack message from

prim

prim((

x

)

) waits

waits

for an ack message from

each correct

backup and

backup and then

then sends

sends back

back

the

the answer

answer

,

res

, to the client.

Guarantee Linearizability

: the order in

(11)

Primary Backup: Presence of Crash

Three scenarios

::

1. Scenario 1

: Primary fails after the client

receives the answer.

2. Scenario 2

: Primary fails before sending

update messages

11

update messages

3. Scenario 3

: Primary fails after sending

update messages and before receiving all

the ack messages.

In all cases there is the need of electing a

(12)

Scenario 1

Primary fails after the client receives the answer:

Client could not receive the response due to perfect

(13)

Scenario 2

13

Primary fails before sending update messages

Client does not get an answer and resends the

requests after a timeout

(14)

Scenario 3

Primary fails after sending update messages and

(15)

Example of Primary Backup on

Synchronous Systems

USE

Perfect Point-to-point link; rb broadcast, leader election; perfect failure detector;

upon event <Init> do

recovery:= false; primary:=p; state:=initial; storage:= Ø; lastreq:=(-,-,-,-,initial);

ack_recovery:=Ø; correct:=Π;

upon event < pp2pdeliver | client, [request(arg,sn]>

Upon <rbdeliver|[up(sn,c,arg,result,newstate)]> do

lastreq := (sn,c,arg,result,newstate); state:=newstate;

store (sn,c,arg,result,newstate) into storage;

trigger <pp2psend | primary, [ack(sn,c)]>;

upon event <crash| p > do

correct:=correct-p;

if p=primary

then trigger <leaderelection> ;

upon event < pp2pdeliver | client, [request(arg,sn]>

and not recovery do If (sn,c,arg) in storage

then result:=retrieve(sn,c,arg)from storage

trigger <pp2psend | c, [response(result)]>

else (result,new state):= execute request(arg)

trigger <rbBcast|[up(sn,c,arg,result,newstate)]>; state:=newstate;

create(ack_set_c,sn); ack_set_c,sn:= Ø;

Upon event <pp2pdeliver | replica, ack(c,sn)> ack_set_c,sn:= ack_set_c,sn U replica;

Upon event ackset_c,sn ⊇ correct do

store (sn,c,arg,result,newstate) intostorage;

trigger <pp2psend | c, [response(result)]>;

Upon event ack_recovery ⊇ correct do

recovery:=false;

then trigger <leaderelection> ;

upon event <leader| p> do if p=myself

then recovery:= true;

trigger <rbbcast | [recovery(lastreq)]>;

register the primary to a name server;

Upon <rbdeliver | [recovery(lastreq)]> do if state ≠ lastreq.state

then remove lastreq from storage; state:=lastreq.state;

trigger <pp2psend | primary, [ack_rec]>;

Upon event <pp2pdeliver | replica, ack_recovery> ack_recovery:= ack_recovery U replica;

(16)

(17)

Active Replication

There is no coordinator all replicas have the same role

Each replica is deterministic. If any replica starts from the

same state and receives the same input, they will produce

the same output

As a matter of fact clients will receive the same response

17

As a matter of fact clients will receive the same response

one from each replica

(18)

(19)

Active Replication:

Garantire Linearizability

To ensure linearlizability we need to preserve:

Atomicity

: if a replica executes an invocation, all

correct replicas execute the same invocation.

Ordering

: (at least) no two correct replicas have to

19

Ordering

: (at least) no two correct replicas have to

execute two invocations in different order.

We need:

TOTAL ORDER Broadcast

(20)